SonarQube Community Build 25.5.0.107428 released

Hi all,

Sonar is proud to announce the May release of the SonarQube Community Build 25.5.0.107428. This version includes the brand new support for Rust language (you can check more details in this blog post), as well as other enhancements.

Details are in the Release Notes. You’ll find all fixed tickets in the full release notes. Please open new threads for any questions you have about these or other features.

As usual, download is available at SonarSource.com, Docker image is available on Docker Hub.

Elena

Hi,

I am getting vulnerability scans for the following CVE when using your v25.3.0.104237 version of the Community Build due to an older version of the Netty library:

CVE-2025-24970 and CVE-2024-57699

I can see you have updated to a higher version in this ticket which will fix this problem: https://sonarsource.atlassian.net/issues/SONAR-24448?jql=ORDER%20BY%20created%20DESC

When will the work on the ticket above be released?

Hi,

The ticket you shared shows that the fix was part of “sqcb-25.4” (SonarQube Community Build 25.4) released last month. You need to upgrade to 25.5.

Hello @j-exp,

You are referencing SonarQube Community Build 25.3, but we have released a newer version 25.5 (as referenced by Elena in the opening post).

Please scan the latest version 25.5. The CVEs were addressed in 25.4 (one version ago), so 25.5 is newer and will include the fix from SONAR-24448.

EDIT: oops, follow what @Scott said!